b'                     AUDIT REPORT\n  Audit of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\n                       OIG-12-A-10 March 8, 2012\n\n\n\n\nAll publicly available OIG reports (including this report) are accessible through\n                              NRC\xe2\x80\x99s Web site at:\n             http:/www.nrc.gov/reading-rm/doc-collections/insp-gen/\n\x0c                                 UNITED STATES\n                         NUCLEAR REGULATORY COMMISSION\n                                  WASHINGTON, D.C. 20555-0001\n\n\n\nOFFICE OF THE\nINSPECTOR GENERAL\n\n\n                                                   March 8, 2012\n\n\n\n\nMEMORANDUM TO:              R. William Borchardt\n                            Executive Director for Operations\n\n\n\nFROM:                       Stephen D. Dingbaum /RA/\n                            Assistant Inspector General for Audits\n\n\nSUBJECT:                    AUDIT OF NRC\xe2\x80\x99S MANAGEMENT OF THE BASELINE\n                            SECURITY INSPECTION PROGRAM (OIG-12-A-10)\n\n\nAttached is the Office of the Inspector General\xe2\x80\x99s audit report titled, Audit of NRC\xe2\x80\x99s\nManagement of the Baseline Security Inspection Program.\n\nThis report presents the results of the subject audit. Agency comments provided at the\nFebruary 29, 2012, exit conference have been incorporated, as appropriate, into this\nreport.\n\nPlease provide information on actions taken or planned regarding each of the\nrecommendations within 30 days of the date of this memorandum. Actions taken or\nplanned are subject to OIG follow-up in accordance with Management Directive 6.1.\n\nWe appreciate the cooperation extended to us by the members of your staff during this\naudit. If you have any questions or wish to discuss anything prior to the exit conference,\nplease call me at 415-5915 or Beth Serepca, Team Leader, at 415-5911.\n\nAttachment: As stated\n\ncc:    N. Mamish, OEDO\n       K. 
Brock, OEDO\n       J. Arildsen, OEDO\n       C. Jaegers, OEDO\n\x0c                                    Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\nEXECUTIVE SUMMARY\n\n        BACKGROUND\n\n                Baseline Security Inspection Program\n\n                The Nuclear Regulatory Commission\xe2\x80\x99s (NRC) baseline security inspection\n                program is the agency\xe2\x80\x99s primary means for ensuring that nuclear power\n                plants across the United States are protected in accordance with Federal\n                Government regulations.1 Specifically, the baseline security inspection\n                program has six objectives:\n\n                    1. To gather sufficient, factual information to determine with high\n                       assurance if a licensee\xe2\x80\x99s security system and material control and\n                       accounting program2 can protect against radiological sabotage, and\n                       the theft or loss of special nuclear material.\n\n                    2. To determine a licensee\xe2\x80\x99s ability to identify, assess, and correct\n                       security issues in proportion with the significance of these issues.\n\n                    3. To determine if licensees, working with external agencies, are\n                       capable of deterring and protecting against the Design Basis\n                       Threat.3\n\n                    4. To validate performance indicator data, which NRC uses in\n                       conjunction with inspection findings to assess the security\n                       performance of power reactor licensees.\n\n                    5. 
To help NRC monitor plants\xe2\x80\x99 security status and conditions.\n\n\n\n\n1\n Chapter 10 Part 73 of the Code of Federal Regulations (10 CFR 73) establishes security regulations for\noperating nuclear power plants.\n2\n The basic objective of material control and accounting is to prevent the loss or misuse of Special\nNuclear Material (i.e., enriched uranium or plutonium).\n3\n  The Design Basis Threat describes the capabilities of adversaries, such as terrorist groups, that could\nattack a nuclear power plant. The Design Basis Threat is based on classified and other sensitive\ninformation, and NRC revises it periodically to reflect current security issues. An unclassified version\nappears in 10 CFR 73.1(a).\n\n\n                                                     i\n\x0c                                     Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\n                     6. To identify significant issues that may have generic or crosscutting\n                        applicability to the safe and secure operation of licensees\xe2\x80\x99 facilities.\n\n                To meet these objectives, NRC conducts routine inspections at nuclear\n                power plants that focus on specific issue areas such as access controls,\n                protective strategy, security training, and safeguards information (SGI)\n                controls.4\n\n\n                Significance Determination Process\n\n                The Significance Determination Process (SDP) is the process by which\n                NRC staff assess the risks and potential effects of inspection findings. 
In\n                following the SDP, NRC staff systematically analyze apparent violations\n                and characterize them under the following color-code scheme:\n                       Green = Very low safety significance.\n                       White = Low to moderate safety significance.\n                       Yellow = Substantial safety significance.\n                       Red = High safety significance.\n\n                NRC staff close Green findings in their inspection reports without\n                additional analysis, but White, Yellow, and Red findings require more in-\n                depth analysis using SDP assessment tools. Since 2004, NRC has\n                created several assessment tools for different types of security violations.\n                These tools and their respective issue areas are:\n\n                     Physical Protection [Access Controls, Access Authorization, Physical\n                     Protection, Contingency Response].\n                     Material Control and Accounting of Radiological Materials.\n                     Unsecured Safeguards Information.\n                     Significance Screen.5\n                     Force-on-Force Exercise Performance.\n\n4\n  SGI is defined as information the disclosure of which could reasonably be expected to have a significant\nadverse effect on the health and safety of the public and/or the common defense and security by\nsignificantly increasing the likelihood of theft, diversion, or sabotage of material or facilities subject to\nNRC jurisdiction. 
This information is not classified as National Security Information or Restricted Data.\n\n5\n  The Significance Screen is used to assess violations such as security personnel sleeping on duty; pipes\nleading from outside a plant into the plant\xe2\x80\x99s Protected Area without adequate barriers or monitoring; and\nunauthorized firearms brought inside a plant by employees or contractors.\n\n                                                      ii\n\x0c                      Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\n\nPURPOSE\n\n      The objective of this audit was to evaluate NRC\xe2\x80\x99s management of the\n      baseline security inspection program, including specific program features\n      such as the Significance Determination Process.\n\n\nRESULTS IN BRIEF\n\n      NRC has appropriate management controls to ensure the baseline\n      security inspection program meets its objectives. However, a more\n      systematic approach to analyzing security findings data beyond the\n      regional level can help NRC staff better identify licensee performance\n      trends. Further, periodic reviews of SDP assessment tools and systematic\n      testing of new and revised SDP assessment tools can help staff apply\n      SDP assessment tools in a more transparent and consistent manner.\n\nRECOMMENDATIONS\n\n      This report makes five recommendations to improve NRC\xe2\x80\x99s management of\n      the baseline security inspection program. A list of these recommendations\n      appears on page 18 of this report.\n\nAgency Comments\n\n      At an exit conference on February 29, 2012, agency management\n      provided informal comments on a draft of this report. The Office of the\n      Inspector General incorporated some of these comments into the report\n      as appropriate. 
As a result, the agency opted not to provide formal\n      comments for inclusion in this report.\n\n\n\n\n                                      iii\n\x0c                 Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\nABBREVIATIONS AND ACRONYMS\n\n       ADAMS   Agencywide Documents Access and Management\n               System\n\n       CFR     Code of Federal Regulations\n\n       FTE     Full-Time Equivalents\n\n       FY      Fiscal Year\n\n       IMC     Inspection Manual Chapter\n\n       MD      Management Directive\n\n       NRC     Nuclear Regulatory Commission\n\n       OIG     Office of the Inspector General\n\n       PIM     Plant Issues Matrix\n\n       ROP     Reactor Oversight Process\n\n       RPS     Reactor Program System\n\n       SDP     Significance Determination Process\n\n       SGI     Safeguards Information\n\n       SLES    Safeguards Information Local Area Network and\n               Electronic Safe\n\n\n\n\n                                 iv\n\x0c                             Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\nTABLE OF CONTENTS\n\n        EXECUTIVE SUMMARY ........................................................................... i\n\n        ABBREVIATIONS AND ACRONYMS ........................................................ v\n\n        I.      BACKGROUND .............................................................................. 1\n\n        II.     PURPOSE ...................................................................................... 8\n\n        III.    FINDINGS ....................................................................................... 8\n\n                A. NRC CAN IMPROVE INTERNAL CONTROL OVER BASELINE\n                   SECURITY INSPECTION PROGRAM DATA. ........................................ 9\n\n                B. 
NRC LACKS CONSENSUS ON CONTENT AND APPLICATION\n                   OF SGI AND SIGNIFICANCE SCREEN TOOLS. ................................. 15\n\n\n        IV.     CONSOLIDATED LIST OF RECOMMENDATIONS ..................... 18\n\n        V.      AGENCY COMMENTS ................................................................. 19\n\n        APPENDIXES\n\n                A. POWER REACTOR SITES BY LICENSEE\n                   OPERATOR AND NRC REGION ............................................ 20\n\n                B. OBJECTIVE, SCOPE, AND METHODOLOGY........................ 21\n\n\n\n\n                                                 v\n\x0c                                    Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\nI.      BACKGROUND\n\n                The Nuclear Regulatory Commission\xe2\x80\x99s (NRC) baseline security inspection\n                program is the agency\xe2\x80\x99s primary means for ensuring that nuclear power\n                plants across the United States are protected in accordance with Federal\n                Government regulations.6 Specifically, the baseline security inspection\n                program has six objectives:\n\n                    1. To gather sufficient, factual information to determine with high\n                       assurance if a licensee\xe2\x80\x99s security system and material control and\n                       accounting program7 can protect against radiological sabotage, and\n                       the theft or loss of special nuclear material.\n\n                    2. To determine a licensee\xe2\x80\x99s ability to identify, assess, and correct\n                       security issues in proportion with the significance of these issues.\n\n                    3. To determine if licensees, working with external agencies, are\n                       capable of deterring and protecting against the Design Basis\n                       Threat.8\n\n                    4. 
To validate performance indicator data, which NRC uses in\n                       conjunction with inspection findings to assess the security\n                       performance of power reactor licensees.\n\n\n\n\n6\n Chapter 10 Part 73 of the Code of Federal Regulations (10 CFR 73) establishes security regulations for\noperating nuclear power plants.\n7\n The basic objective of material control and accounting is to prevent the loss or misuse of Special\nNuclear Material (i.e., enriched uranium or plutonium).\n8\n  The Design Basis Threat describes the capabilities of adversaries, such as terrorist groups, that could\nattack a nuclear power plant. The Design Basis Threat is based on classified and other sensitive\ninformation, and NRC revises it periodically to reflect current security issues. An unclassified version\nappears in 10 CFR 73.1(a).\n\n\n                                                     1\n\x0c                                     Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\n                     5. To help NRC monitor plants\xe2\x80\x99 security status and conditions.\n\n                     6. To identify significant issues that may have generic or crosscutting\n                        applicability to the safe and secure operation of licensees\xe2\x80\x99 facilities.\n\n                To meet these objectives, NRC conducts routine inspections at nuclear\n                power plants that focus on specific issue areas such as access controls,\n                protective strategy, security training, and safeguards information (SGI)\n                controls.9 Personnel at NRC\xe2\x80\x99s four regional offices plan and conduct\n                baseline security inspections at nuclear power plants within their\n                respective regions. 
Headquarters staff in NRC\xe2\x80\x99s Office of Nuclear\n                Security and Incident Response (NSIR) support baseline security\n                inspections through policy and guidance development, licensee\n                performance data review, and review of escalated licensee violations.\n                NSIR staff also conduct Force-on-Force inspections\xe2\x80\x94the only type of\n                baseline security inspections conducted by headquarters staff with support\n                from regional staff.10 In Fiscal Year (FY) 2012, NRC allocated 11.5 Full-\n                Time Equivalents (FTE) for headquarters activities in the baseline security\n                inspection program, and 5.7 FTE for program activities at each of the four\n                regions for a total of 34.3 FTE. NRC staff expect these resource levels to\n                remain constant in FY 2013.\n\n\n\n\n9\n  SGI is defined as information the disclosure of which could reasonably be expected to have a significant\nadverse effect on the health and safety of the public and/or the common defense and security by\nsignificantly increasing the likelihood of theft, diversion, or sabotage of material or facilities subject to\nNRC jurisdiction. This information is not classified as National Security Information or Restricted Data.\n10\n  Force-on-Force inspections require licensees to demonstrate their security capabilities through tactical\nexercises in which mock terrorist groups simulate attacks against nuclear power plants. 
Congress\nmandated triennial Force-on-Force inspections in the 2005 Energy Policy Act.\n\n                                                     2\n\x0c                              Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\n              Figure 1 shows NRC\xe2\x80\x99s regions, as well as the locations of regional and\n              headquarters offices, and the agency\xe2\x80\x99s Technical Training Center.\n\n              Figure 1: Map of the United States and NRC Regions\n\n\n\n\nSource: NRC\n\n\n\n\n                                              3\n\x0c                                    Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\n                Significance Determination Process\n\n                The Significance Determination Process (SDP) is the process by which\n                NRC staff assess the risks and potential effects of inspection findings. In\n                following the SDP, NRC staff systematically analyze apparent violations\n                and characterize them under the following color-code scheme:\n                       Green = Very low safety significance.\n                       White = Low to moderate safety significance.\n                       Yellow = Substantial safety significance.\n                       Red = High safety significance.\n\n                NRC staff close Green findings in their inspection reports without\n                additional analysis, but White, Yellow, and Red findings require more in-\n                depth analysis using SDP assessment tools. 
Since 2004, NRC has\n                created several assessment tools for different types of security violations.\n                These tools and their respective issue areas are:\n\n                    Physical Protection [Access Controls, Access Authorization, Physical\n                    Protection, Contingency Response].\n                    Material Control and Accounting of Radiological Materials.\n                    Unsecured Safeguards Information.\n                    Significance Screen.11\n                    Force-on-Force Exercise Performance.\n\n\n\n\n11\n  The Significance Screen is used to assess violations such as security personnel sleeping on duty;\npipes leading from outside a plant into the plant\xe2\x80\x99s Protected Area without adequate barriers or monitoring;\nand unauthorized firearms brought inside a plant by employees or contractors.\n\n                                                     4\n\x0c                      Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\nFigure 2 shows security barriers, which are one of many security system\nelements that NRC staff inspect at nuclear power plants.\n\nFigure 2: Security Barriers at a Nuclear Power Plant\n\n\n\n\nSource: NRC\n\n      White, Yellow, and Red findings require additional review by NRC staff.\n      First, NRC notifies licensees of a finding, and licensees must then formally\n      respond by either accepting the finding and committing to corrective\n      actions, or by contesting the finding. Second, NRC management must\n      review findings to ensure that their staff have applied SDP assessment\n      tools correctly. Third, if licensees contest findings, they may provide\n      mitigating information or other analysis to explain why they believe\n      findings should be downgraded. NRC staff must factor this information\n      into their final decision. 
Lastly, the technical complexity of a particular\n      finding can impact the amount of time and effort needed by NRC staff and\n      licensee personnel to support their respective positions.\n\n\n\n\n                                      5\n\x0c                                      Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\n                  Greater-than-Green findings are relatively uncommon in the baseline\n                  security inspection program. In 2010, for example, NRC issued 112\n                  Green findings, and 6 Greater-than-Green findings.12\n\n                  Correct and consistent application of SDP assessment tools is essential to\n                  the Reactor Oversight Process (ROP), which is NRC\xe2\x80\x99s framework for\n                  regulating the nuclear power industry. The ROP is based upon principles\n                  of risk-informed decisionmaking and transparency. Accordingly, NRC\n                  should:\n\n                      Focus inspections on activities where the potential risks are greater.\n                      Apply greater regulatory attention to nuclear power plants with\n                      performance problems.\n                      Use objective measurements of performance of nuclear power plants.\n                      Give both the public and the nuclear industry timely and\n                      understandable assessments of plant performance.\n                      Respond to violations of regulations in a predictable and consistent\n                      manner that reflects the potential safety impact of the violations.\n\n                  The ROP categorizes NRC\xe2\x80\x99s oversight activities into seven distinct\n                  \xe2\x80\x95cornerstones\xe2\x80\x96 of safe operation, one of which is physical protection. 
NRC\n                  also assesses licensee performance in the context of cross-cutting issues,\n                  such as problem identification and resolution, which may affect multiple\n                  ROP cornerstones.\n\n\n\n\n12\n     These do not include results of Force-on-Force inspections.\n\n                                                      6\n\x0c                       Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\nFigure 3 illustrates the ROP cornerstones and their relation to key oversight\nareas and cross-cutting issue areas.\n\nFigure 3: Reactor Oversight Process Framework\n\n\n\n\nSource: NRC\n\n      The ROP is complemented by NRC\xe2\x80\x99s enforcement program, which, in this\n      context, focuses on violations that are caused by deliberate misconduct.\n      NRC may pursue enforcement action against licensees while staff are\n      determining a finding\xe2\x80\x99s significance within the ROP framework.\n      Enforcement action can result in the issuance of civil penalties against\n      licensees.\n\n\n\n\n                                       7\n\x0c                           Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\nII.    PURPOSE\n\n           The audit objective was to evaluate NRC\xe2\x80\x99s management of the baseline\n           security inspection program, including specific program features such as\n           the Significance Determination Process. Appendix B contains information\n           on the audit scope and methodology.\n\n\n\nIII.   FINDINGS\n\n           NRC has appropriate management controls to ensure the baseline\n           security inspection program meets its objectives. However, a more\n           systematic approach to analyzing security findings data beyond the\n           regional level can help NRC staff better identify licensee performance\n           trends. 
Further, periodic reviews of SDP assessment tools and systematic\n           testing of new and revised SDP assessment tools can help staff apply\n           SDP assessment tools in a more transparent and consistent manner.\n\n\n\n\n                                           8\n\x0c                                    Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\n        A.      NRC Can Improve Internal Control Over Baseline Security Inspection\n                Program Data\n\n                Federal Government and NRC guidance on internal control13 recommend\n                the use of data analysis to inform program operations and management.\n                NRC maintains data on security inspection findings, but does not\n                systematically analyze it to identify trends among NRC regions and\n                licensee fleets.14 This occurs because NRC\xe2\x80\x99s baseline security inspection\n                program emphasizes analysis of individual licensee performance and\n                performance of licensees within each of the four NRC regions. As a\n                result, NRC may miss opportunities to improve monitoring and\n                management of security issues, inspection procedures, and tools.\n\n                Effective Internal Control Is Key To Maintaining Visibility Over\n                Program Operations and Results.\n\n                Federal Government and NRC internal control guidance recommend that\n                program managers analyze appropriate information sources used in the\n                baseline security inspection program to inform program operations and\n                decisions and to ensure programs achieve intended results. Internal\n                controls comprise the plans, methods, and procedures used to meet\n                missions, goals, and objectives. 
These controls include managers at all\n                levels analyzing trends and measuring results against targets. Controls\n                must be developed as programs are initially implemented, as well as when\n                they are reengineered. Additionally, managers should employ a variety of\n                activities ensuring that edit checks are used in controlling data entry and\n                that access to data and data systems is appropriately controlled.\n\n\n\n\n13\n  Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1) U.S. General\nAccounting Office, Washington DC: 1999 and NRC Management Directive 4.4,\xe2\x80\x96Management Controls,\xe2\x80\x96\nMay 18, 2004.\n14\n   A fleet refers to a group of nuclear power plants operated by one licensee. Plants belonging to a\nlicensee\xe2\x80\x99s fleet can be located in one or more NRC regions.\n\n                                                    9\n\x0c                                      Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\n                  NRC Does Not Perform Systematic Cross-Regional or Cross-Fleet\n                  Analysis of Security Trends\n\n                  NRC maintains and uses multiple information sources to monitor plant\n                  performance, but managers do not perform systematic analysis to assess\n                  trends across NRC regions or licensee fleets. 
For example, NRC\n                  maintains many information sources pertaining to inspection findings and\n                  has visibility over individual plant performance through the use of\n                  inspection reports stored in the Agencywide Documents Access and\n                  Management System (ADAMS),15 inspection reports stored in the\n                  Safeguards Information Local Area Network and Electronic Safe (SLES),16\n                  mid- and end-of-cycle assessments, the Plant Issues Matrix (PIM),\n                  Reactor Program System (RPS) data, and annual reports to Congress.\n                  However, NRC does not perform systematic cross-regional or cross-fleet\n                  analysis of security inspection trends. Figure 4 shows information sources\n                  used in the baseline security inspection program.\n\n\n\n\n15\n  ADAMS is the official recordkeeping system through which NRC provides access to vast "libraries" or\ncollections of documents related to the agency\xe2\x80\x99s regulatory activities.\n16\n     SLES is NRC\xe2\x80\x99s information repository for all SGI.\n\n\n                                                         10\n\x0c                             Overview of NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\n     Figure 4: NRC Baseline Security Inspection Program Information Sources\n\n     Information Source                          Description\n     Inspection Reports                          Inspection reports, written by NRC\n                                                 inspectors, provide NRC with all the\n                                                 details of the final disposition of\n                                                 findings uncovered during NRC\n                                                 inspections of power reactors.\n                                                 Details include the date of the\n                        
                         inspection, the number and types of\n                                                 findings, and the safety significance\n                                                 (color designation of the finding).\n     SLES                                        NRC\xe2\x80\x99s repository for all inspection\n                                                 reports and other documents\n                                                 containing SGI.\n     Mid/End Cycle Plant                         Reports issued at the beginning of\n     Assessment Reports                          March and September of each year\n                                                 for each reactor site. The reports\n                                                 state whether the plant is receiving\n                                                 increased oversight and the number\n                                                 of planned inspections.\n     PIM                                         The PIM provides a consolidated\n                                                 listing of individual plant issues (i.e.,\n                                                 inspection findings) that NRC uses\n                                                 to assess plant performance.\n     RPS                                         A system used by NRC to enter\n                                                 administrative data about inspection\n                                                 scheduling and limited data\n                                                 regarding inspection results.\n     Annual Report to Congress                   A report that provides a basic count\n                                                 of inspection findings for the year.\n\nSource: Office of the Inspector General (OIG) analysis of information sources\n\n\n\n\n                                            11\n\x0c                      Overview of 
NRC\xe2\x80\x99s Management of the Baseline Security Inspection Program\n\n\n      Additionally, regional branch chiefs stated that they can request that\n      headquarters generate reports in response to individual staff requests, but\n      reports focus on individual regions and requesters\xe2\x80\x99 individual data needs.\n      However, the headquarters representative responsible for responding to\n      such requests told OIG that this type of analysis is labor intensive and\n      requires piecing together data from the multiple sources listed above.\n\n      Incidentally, it is important for NRC to perform cross-regional and cross-\n      fleet analysis for purposes of identifying areas that may need more\n      regulatory emphasis. This analysis can also be used to make strategic\n      program decisions, inform the tools and inspection procedures that are\n      used to develop findings, and ensure the program is achieving its intended\n      results.\n\n      Likewise, comprehensive cross-regional and cross-fleet analysis is\n      important because NRC performs baseline security inspection activities at\n      104 reactor units within 65 reactor sites throughout NRC\xe2\x80\x99s four regions\n      (see Figure 5). Moreover, approximately 45 percent of power reactor\n      licensees manage more than one reactor site, and approximately 20\n      percent maintain reactor sites in more than one region. 
See Appendix A for a table showing power reactor sites by licensee operator
and their locations by NRC region.

Figure 5: Breakdown of Regional Reactor Sites and Reactor Units

                 Region 1   Region 2   Region 3   Region 4   Totals
Reactor Sites       17         18         16         14        65
Reactor Units       26         33         24         21       104

Source: OIG analysis of NRC data

NRC Management Does Not Emphasize Trend Analysis Across
Regions and Fleets

OIG found that NRC does not perform trend analysis across regions and
fleets because program management emphasizes analysis of individual
plant performance, and trends within each of the four regions.
Additionally, NRC does not actively maintain and manage a centralized
database for analyzing security inspection findings across regions and
fleets as evidenced by OIG’s analysis of NRC’s current information
sources.

Further, OIG could not determine if data in existing data systems is
complete and accurate. Two of the data systems NRC headquarters staff
use to access information may not be complete or accurate.

   First, RPS is used to collect information about scheduling inspections
   and also collects basic data points about findings. NRC does not use
   a single, consistent process for data entry or define data management
   controls for users of this database.
   The headquarters official responsible for obtaining and analyzing data
   from this system stated that, up until very recently, the data could not
   be reconciled in this system because regional officials had not
   consistently included the official in their distribution of findings
   reports.

   Second, NRC maintains, in addition to the information stored in RPS, a
   separate secure database – SLES – that holds inspection finding
   reports containing SGI data. OIG found that, for various reasons, this
   information is not easy to obtain or analyze and, in some cases, was
   not obtainable at all.

Improved Data Collection and Analysis Will Enhance NRC’s Ability
To Regulate and Improve Program Operations, Program Tools and
Procedures, and Program Results

Despite the lack of trending across regions and fleets, OIG found no
material adverse effect on NRC operations. However, NRC may miss
opportunities to improve monitoring and management of security issues,
inspection tools and procedures, and program results. Additionally,
improved data management and analysis can help NRC staff identify
trends that merit additional oversight or regulatory emphasis. This, in turn,
can give NRC greater assurance that the inspection program is meeting
its objective to conduct fact-based assessments of licensee security
program performance.

Recommendations

OIG recommends that the Executive Director for Operations:

1. Develop and maintain a centralized database of security findings data
   to be used for evaluating licensee performance trends, and
   communicating this information to NRC staff, industry, and appropriate
   public stakeholders.

2. Formalize and implement a process for maintaining current and
   accurate data within a centralized database.

3. Formalize and implement a process for ensuring SGI findings data is
   current and accessible for use in trending security findings issues.

B. NRC Lacks Consensus on Content and Application of SGI and
   Significance Screen Tools

The ROP sets general standards for NRC’s oversight of power reactors,
and emphasizes objectivity, transparency, and consistency in NRC’s
assessments of licensee performance. NRC staff and industry
representatives expressed concern about the technical basis and
application of the SGI and Significance Screen tools.17 Although NRC
solicited staff comments in developing these assessment tools, NRC did
not test draft versions of the tools and, further, does not have procedures
for systematically reviewing SDP assessment tools on a periodic basis.
Staff consensus and understanding of SDP assessment tools is critical to
ensuring that staff can apply these tools in accordance with ROP
standards and avoid undue resource burdens on NRC and licensees.

The ROP Emphasizes Transparent, Consistent Regulation

The ROP sets general transparency and consistency standards for NRC’s
oversight of the nuclear power industry. Specifically, NRC should aim for
objective measurements of licensee performance and translate those
measurements into timely assessments that the public and licensees can
understand.
Moreover, NRC should respond to licensee violations in a
consistent manner that reflects the potential safety impact of the
violations.

NRC Staff and Industry Concerns and Questions Focus on SGI and
Significance Screen Assessment Tools

Interviews and surveys of NRC staff and nuclear power industry
representatives regarding the security SDP showed that two assessment
tools—SGI and the Significance Screen—produced the greatest amount
of critical feedback. OIG received a broad range of comments regarding
the content and application of these tools. OIG also received suggestions
about how to improve these assessment tools. Additionally, some
comments reflected a lack of understanding of assessment tool features,
as well as doubts regarding the reliability of assessment results.

17 See the “Background” section of this report for information on security
SDP assessment tools.

OIG could not reconcile divergent staff and industry comments on the SGI
and Significance Screen tools, yet several points stand out. First, some
staff questioned the technical basis of criteria used to escalate findings.
For example, both the SGI and Significance Screen rely on time standards
to measure exploitability, but the rationale for these metrics was not clear
to some NRC and industry personnel. Second, respondents questioned
how these tools weigh mitigating information, and whether this information
is analyzed after a finding has been prematurely escalated.
Third, respondents questioned how some SGI and Significance Screen
findings can be coded as White or Yellow when violations appear unlikely to
impact plant safety or security. Lastly, some staff and industry personnel
questioned the potential for escalation bias in the Significance Screen.
The tool focuses on several particular security issues, and uses time and
consequence criteria that increase the likelihood of White or Yellow
findings.

NRC Revises SDP Tools, but Does Not Systematically Test and
Update Assessment Tools

In reviewing the history of security SDP development, OIG found that NRC
has tested other SDP tools prior to implementation but did not do so with
the SGI and Significance Screen tools. NRC solicited staff and industry
comments on draft tools, but did not test the draft tools by analyzing past
or hypothetical findings to determine how the draft tools would work in a
practical context. This differs from NRC’s 2004 SDP pilot effort, during
which headquarters and regional staff screened approximately 50 findings
to determine whether the results would be reasonable. Similarly, NRC’s
current effort to update the Force-on-Force SDP involves a findings
screening analysis.

OIG’s review also showed that NRC updates SDP assessment tools on a
circumstantial basis and does not have procedures to ensure that updates
are performed consistently. The SGI and Significance Screen tools
resulted from a 2007-2008 Enhancement Team effort that NRC initiated in
response to staff concerns about particular security issues.
Further, that Enhancement Team’s leader has since retired from NRC,
thereby limiting the institutional knowledge necessary to guide future SDP
updates in the absence of formal procedures or best practice guidance.

Consensus and Understanding of SDP Tools Is Important for
Regulatory Transparency

Consensus and understanding among NRC staff regarding SDP
assessment tools is critical to ensuring that staff can apply these tools
easily and consistently in accordance with Reactor Oversight Process
standards. This does not preclude professional disagreement over
particular findings. However, staff must understand the rationale for
findings so they can present them logically to licensees and uphold NRC’s
integrity as a fair and impartial regulator. Further, NRC staff should have
confidence in the soundness of escalated findings, given that the SDP
requires extra staff resources for review and final disposition, and also
impacts licensees with costs for responding to NRC and taking
compensatory measures.18

Recommendations

OIG recommends that the Executive Director for Operations:

4. Formalize and implement procedures for testing draft SDP tools by
   staff to determine how draft tools would screen past violations and/or
   hypothetical security violations.

5. Formalize and implement a process for performing periodic review of
   existing security SDP tools to check for consistency of application and
   results.

18 Greater-than-Green (e.g., White) findings can take between 5 and 18
months to close, depending on the complexity of each case. Beyond the
additional staff effort required to process these findings, licensees may
need to conduct independent analysis to support their positions in
enforcement conferences with NRC. Further, licensees may be obligated to
upgrade plant infrastructure at considerable cost if NRC maintains its
position on an escalated finding.

IV. CONSOLIDATED LIST OF RECOMMENDATIONS

OIG recommends that the Executive Director for Operations:

1. Develop and maintain a centralized database of security findings data
   to be used for evaluating licensee performance trends, and
   communicating this information to NRC staff, industry, and appropriate
   public stakeholders.

2. Formalize and implement a process for maintaining current and
   accurate data within a centralized database.

3. Formalize and implement a process for ensuring SGI findings data is
   current and accessible for use in trending security findings issues.

4. Formalize and implement procedures for testing draft SDP tools by
   staff to determine how draft tools would screen past violations and/or
   hypothetical security violations.

5. Formalize and implement a process for performing periodic review of
   existing security SDP tools to check for consistency of application and
   results.

V. AGENCY COMMENTS

At an exit conference on February 29, 2012, agency management
provided informal comments on a draft of this report. The Office of the
Inspector General incorporated some of these comments into this report
as appropriate. As a result, the agency opted not to provide formal
comments for inclusion in this report.

Appendix A

POWER REACTOR SITES BY LICENSEE OPERATOR AND NRC REGION

Licensee                              Region 1  Region 2  Region 3  Region 4  Total
Ameren UE                                                                1        1
Arizona Public Service Co.                                               1        1
Constellation Energy                     3                                        3
Detroit Edison Co.                                             1                  1
Dominion Generation                      1         2         1                  4
Duke Energy Power Company, LLC                     3                            3
Energy Northwest                                                         1        1
Entergy Nuclear Operations, Inc.         4                   1         4        9
Exelon Generation Co., LLC               4                   6                 10
FirstEnergy Nuclear Operating Co.        1                   2                  3
Florida Power & Light Co.                1         2         1                  4
FPL Energy Point Beach, LLC                                  1                  1
Indiana/Michigan Power Co.                                   1                  1
Nebraska Public Power District                                         1        1
Nuclear Management Co.                                       2                  2
Omaha Public Power District                                            1        1
Pacific Gas & Electric Co.                                             1        1
PPL Susquehanna, LLC                     1                                      1
Progress Energy                                    4                            4
PSE&G Nuclear                            2                                      2
South Carolina Electric & Gas Co.                  1                            1
Southern California Edison Co.                                         1        1
Southern Nuclear Operating Co.                     3                            3
STP Nuclear Operating Co.                                              1        1
Tennessee Valley Authority                         3                            3
TXU Generating Company LP                                              1        1
Wolf Creek Nuclear Operating Corp.                                     1        1
Total                                   17        18        16        14       65

Source: OIG analysis of NRC data

Appendix B

OBJECTIVE, SCOPE, AND METHODOLOGY

OBJECTIVE

The audit objective was to evaluate NRC’s management of the baseline
security inspection program, including specific program features such as
the Significance Determination Process.

SCOPE

The audit focused on reviewing NRC’s oversight of the baseline security
inspection program and the Significance Determination Process. We
conducted this performance audit at NRC headquarters and at the four
NRC regions, from July 2011 through January 2012. Internal control and
ROP principles related to the audit objective were reviewed and analyzed.
Throughout the audit, auditors were aware of the possibility or existence of
fraud, waste, or misuse in the program.

METHODOLOGY

OIG reviewed relevant Federal regulations and internal guidance
pertaining to NRC’s regulatory authorities to oversee security inspections,
including Chapter 10 Part 73 of the Code of Federal Regulations.
OIG also reviewed NRC inspection manual chapters (IMC), NRC management
directives (MD), and internal control guidance pertaining to the oversight
of baseline security inspections including:

   IMC 0308 – Basis Document for Security Cornerstone of the Reactor
      Oversight Process.
   IMC 0609 Appendix E, Part I – Baseline Security Significance
      Determination Process for Power Reactors.
   MD 8.13 – Reactor Oversight Process.
   MD 8.7 – Reactor Operating Experience Program.
   MD 4.4 – Management Controls.
   Standards for Internal Control in the Federal Government.

OIG also reviewed inspection reports housed in ADAMS and SLES,
performed an electronic survey of regional inspectors, and conducted
interviews with headquarters personnel (Rockville, MD), regional
personnel, industry representatives, and the Nuclear Energy Institute.
These interviews were conducted to obtain insights into NRC’s oversight
of baseline security inspections and the significance determination
process. The audit team also observed inspection activities at Three Mile
Island Nuclear Generating Station.

We conducted this performance audit in accordance with generally
accepted Government auditing standards. Those standards require that
we plan and perform the audit to obtain sufficient, appropriate evidence to
provide a reasonable basis for our findings and conclusions based on our
audit objectives.
We believe that the evidence obtained provides a
reasonable basis for our findings and conclusions based on our audit
objective.

The audit work was conducted by Beth Serepca, Team Leader; Paul
Rades, Audit Manager; Melissa Schermerhorn, Senior Management
Analyst; John Tornabane, Management Analyst; and Kevin Nietmann,
Senior Technical Advisor.
'